Slashdot Mirror
Montana City Requires Workers' Internet Accounts
justinlindh writes "Bozeman, Montana is now requiring all applicants for city jobs to furnish Internet account information for 'background checking.' A portion of the application reads, "Please list any and all, current personal or business websites, web pages or memberships on any Internet-based chat rooms, social clubs or forums, to include, but not limited to: Facebook, Google, Yahoo, YouTube.com, MySpace, etc.' The article goes on to mention, 'There are then three lines where applicants can list the Web sites, their user names and log-in information and their passwords.'"
They are seriously asking for people's passwords? If this some kinda of social engineering test where if you actually put them down you fail?
There is a war going on for your mind.
If they are able to hire people with these policies, then they are hiring people that they deserve, and those being hired are getting what they deserve. I honestly cannot envision going into a job interview and writing down, on a piece of paper that will end up who knows where, all of my user names and passwords, for every account I have on the Internet. I have trouble envisioning the idiots who would do so, but I'm guessing they look like the people who came up with this policy. And they deserve each other.
According to the online poll accompanying the article, 98% of respondents think it's an invasion of privacy.
That's as big a landslide as it gets, folks.
Why should workers have to supply personal information that isn't in any way relevant to the job? Why should workers give their bosses the means to invade on their personal lives? I realize there are cases (mainly national security type jobs) that may view these as compromising security, but then they should only require NDAs or, at worst, closing these accounts.
FTFA: "No one has ever removed his or her name from consideration for a job due to the request, Sullivan added."
Then they're getting exactly what they asked for. Considering that users will hand out their passwords for a chocolate bar, this sort of line doesn't scare me much any more. Is that sad or am I just bitter?
If pressed, I would consider handing out the *wrong* passwords, though; when they come back saying they couldn't log in, I'd alert it to the sites in question as a TOS violation, employment discrimination, etc..
That is just plain moronic. You do NOT ask for people's passwords ever. That's bloody ridiculous. You'll get a total of two types, liars who give you nothing or fakes, or idiots you actually give you this info.
"Please list any and all, current personal or business websites..." Really? Even if they can justify asking for personal information, business websites could include things like previous employer intranet logins, personal bank accounts, etc. If presented with a job application that included this kind of stuff, I would run, not walk, to the nearest exit.
âoeAny society that would give up a little liberty to gain a little security will deserve neither and lose both.
Do the user names and passwords to Banking Sites count as Business Accounts? Mortgage Accounts, e-trade accounts? Crazy Bozeman, MO city HR people. HR should stick with paper hats and cake. It is the only thing they are good at.
That's all I have to say.
1. Create Account with social site
2. Put name and password on app
3. Wait for it to be leaked and abused
4. Profit!
No need to get a job - this is like money in the bank.
It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
I just told them that even if I wrote down passwords, they are all written in Klingon and are only usable on Klingon keyboards, so they would be of no use to them. I was hired on the spot.
Change is inevitable, except from a vending machine -- Robert C. Gallagher
It has come to our attention that you lied or omitted information on your employment application. We have found out that you neglected to mention that you registered at creative.com 8 years ago to download some drivers and 3 years ago at dvorak.org/blog when you posted "get of my lawn".
So, they are offically asking to violate the Terms of Service of all of these services?
I'm sure that each one has a policy about not sharing login information for your personal accounts.
What's next, asking for your login for your banking information, so they can see how you spend your personal money?
Personal background checks are fine (and valid for many jobs, maybe not for a rank-and-file city job, but meh).
But they need to be done properly and honestly. This is just a really lazy and silly way to do it.
Obviously this policy and application wasn't vetted by anyone with a clue.
Maybe my bank access info?
Keys to my house?
Maybe a beaver shot of my wife?
MO = Missouri
MT = Montana
There is a LOT of stuff that prospective employers can't ask you (race, sex, family status, disability, etc.). One of those things is asking you about social organizations you belong to (presumably because someone could derrive illegal information from this like your age, nationality, religion, etc.). Asking for your Facebook/Myspace/etc. information would almost CERTAINLY fall under this (since things like age/sex/etc. are standard categories on most social websites, and this information is supposed to be basically anonymous) and is really opening them up for a rather impolite visit from the EEOC.
I suspect that, in these hard times, it's just that no one has bothered to file a claim against them yet.
SJW: Someone who has run out of real oppression, and has to fake it.
They DID say "Please"...
Further instructions on the form:
16d. Please analyze your own handwriting for us, and supply a full report on whether the results show that you may be predisposed to workplace violence.
16e. Please build your own polygraph machine, administer the test to yourself, and let us know whether it turns up any proclivity for white collar crime.
Find free books.
Ah, but it's perfectly safe. When you write your password out on the application form it comes out as ******!
Santa's suicide mission go!
Most of those sites (if not all of them) probably state in the TOS that you are not to share your login information. So... they're asking people to violate their agreements, and won't hire people who refuse. For example, Facebook's Terms section 4 item 6 states "You will not share your password, let anyone else access your account, or do anything else that might jeopardize the security of your account."
Brilliant. If you want to bribe a city official, go to Bozeman, because they only hire people who violate policy.
Don't you wish your girlfriend was a geek like me?
User: Anonymous Coward
Password:FAH-Q
Is there any level at which collective action (otherwise known as 'government') is a good thing? What is wrong with city jobs? Would you have the private sector take over all functions of government, on all levels? I would think, at the very least you would be in favor of a public police force to protect your property. No matter how many guns you have, someone has more, and is more willing to use them than you are. Fire departments are nice, too. As are public roads. In fact, I can't think of many things that city governments currently do that the private sector could do better. The private sector exists to give you as little value for your dollar as you can be convinced to accept. The government is an agent working on your behalf.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
are they genuinely fishing for stuff to exclude applications from consideration? Or just looking for an excuse to fire you later because you didn't disclose all of your online activities?
perhaps trying to avoid employer liability for stuff you say "in secret". They ask you for it so they can vet you, and you hid stuff from em; so they are not liable?
Almost makes me want to apply so I can down my alt.com and bmezine.com usernames and passwords. If nothing else, it will be enlightening for city employees who get to review it. :-)
And then I'd be rich when they refuse my application because of it and I sue their asses off.
The more people I meet, the better I like my dog.
The potential for misuse is absolutely incredible. I recall reading many events during which folks at the US Social Security Administration were looking up political candidates' records, where hospital employees in Los Angeles were looking up the medical records of celebrities that visited their hospital for care.
Now they want me to let the HR drones have the ability to log into my facebook, slashdot, etc accounts?
Anonymous Coward might still have a shot, since s/he does not have a username or password to disclose,... ;-)
Isn't that where the Vulcans landed?
"I disapprove of what you say, but I will defend to the death your right to say it." - Evelyn Beatrice Hall, re Voltaire
Obligatory bash quote: http://www.bash.org/?244321
http://www.google.com/accounts/TOS?hl=en
6. Your passwords and account security 6.1 You agree and understand that you are responsible for maintaining the confidentiality of passwords associated with any account you use to access the Services. 6.2 Accordingly, you agree that you will be solely responsible to Google for all activities that occur under your account.
5.6 You agree that you are solely responsible for (and that Google has no responsibility to you or to any third party for) any breach of your obligations under the Terms and for the consequences (including any loss or damage which Google may suffer) of any such breach.
Facebook's terms of service are just as strict.
4.6 You will not share your password, let anyone else access your account, or do anything else that might jeopardize the security of your account.
I for one would not give that information and would suspect that the City is in violation of some law or other and that my providing usernames and passwords to these accounts would constitute my violation of terms of service and would get me in lots more trouble.
"i lost my dignity on a slippery wiener"
We all know to Net-proof kids right from single-digit ages not to provide identifying information to electronic correspondents that might be predators.
Now we're going to have to remember that "predators" needs to include "employers over a decade from now that may seize upon internet forum posts to take away your job or ruin your life".
So, kids: always set up accounts under a pseudonym. Use DIFFERENT pseudonyms. Strictly limit the friends that can connect your True Name (thx, Vernor Vinge) to your pseudonyms. And do not provide specific identifying information in any post. In forums that require True Names to work right (facebook), have Mom & Dad help you learn to consider words, and especially photos, carefully.
What they post at nine won't be held against them, but if you start developing their radar early, the appropriate attitudes of privacy and subterfuge will be reflexive by the late teens.
As for that first generation now looking for their first jobs with all kinds of youthful exuberance on the internet not staying on the internet - yikes, sorry, you're screwed. As the joke poster says, it may be your job to provide an example to others.
You'll get a total of two types, liars who give you nothing or fakes, or idiots you actually give you this info.
hang on. I now see the logic in this.
this is for GOVERNMENT work. I think you just described the ideal government civil-service worker!
maybe there's more thought to this than it appears.
--
"It is now safe to switch off your computer."
Judging by TFA, it was apparently vetted by their city attorney. Maybe even written by him.
Oh, wait. Anyone with a clue. Never mind. Nothing to see here, folks. Move along, move along.
Heck, I'd have trouble *writing* some of my passwords. My really complex ones are purely by finger/type memory.
change all your passwords to the same dummy password, then fill out your application with said dummy password. After compromising your dummy password, adhere to the sites' ToS by changing it (back). You didn't falsify your application, the information just became obsolete. I'm sure they don't require you to submit an addendum any time any piece of information on you application is rendered false.... right?
You must wait a little bit before using this resource; please try again later.
Well, depending on the filtering they use they may not get to see it. :) Point taken though. Who wants to volunteer? I worked with a guy that almost got fired because he linked back to suicide girls on his company intranet site, that is until the lawyers reigned in the boss. This was about 4 or 5 years ago.
Don't blame me for redundant posts. I can't type very fast. Hence the user ID.
Its on the Background check form.
is a complete hex string of the pirated Wolverine mp3. Store that in your database, suckers!
It's only going to deter people with average or above intelligence.
Free Martian Whores!
When this gets bounced out of court as un-Constitutional, I hope the city fires their attorney, Greg Sullivan. It's one thing for a clueless HR person to come up with BS like this, but it's the job of people like Sullivan to review it for legality issues. This guy is clearly not up to the job if he allowed this to pass.
And, really, if I give them no information at all, how are they going to prove it? "Anyone not here, please raise your hand."
Truth, Justice. Or the American Way.
They want me to write my passwords on paper? Unencrypted? Maybe I should write "************"!
Seriously though, even I've hardly ever seen my password in plain text in front of me! It hurts my eyes.
Also, I don't even remember my randomly generated passwords - I use Firefox to fill them in them with a master password.
This is ridiculous
OTOH, once City of Bozeman's HR department looks at Mr. Coward's posting history here (GNAA trolls, tubgirl and goatse, etc.), they won't be able to refuse to hire him fast enough.
Welcome to the Panopticon. Used to be a prison, now it's your home.
You'll get a total of two types, liars who give you nothing or fakes, or idiots you actually give you this info.
hang on. I now see the logic in this.
this is for GOVERNMENT work. I think you just described the ideal government civil-service worker!
maybe there's more thought to this than it appears.
Oh hi. I'm a rocket scientist. Welcome to NASA, your friendly national air and space administration, run by civil servants.
Seriously though, even I've hardly ever seen my password in plain text in front of me! It hurts my eyes.
No kidding, the only time I ever see my password is when i type too fast and the keyboard misses the enter or tab press between username and password... O.o
RUGBYRUGBYRUGBY
I'd say you get a fair amount of people in positions that should not be there, but are there for various reasons (liek seniority) and are entrenched and hard to remove. So you have people doing jobs they don't know because the job they did know was elimintated and they had 10 years. So the guy who knew his job, but only ahd 3 years is let go so they can keep the guys with 10 years.
You also get a fair amount of the "that's not my job" types. Their job has a job description and a list of tasks on their yearly review. If a task does not show up on them, they refuse to do it. They have the right to be this wy, because they do do the task that are on their yearly review. In the private sector (non-union), you get rid of these people.
Spelling and Grammar errors have been added to this post for your enjoyment
This is completely without merit and rather insane. I would walkout right then and there. As long as I show up and perform my duties as required my employer has right or even need to look into my personal life.
You're in the biggest city in nowhere Montana and you're applying for a civil service job, odds are that the Denny's just hired up last week and the only other job available right now is scooping Buffalo pies on some ranch outside of town. Winter's coming... what have you got to hide, anyway, son?
Montana is great... but the transplanted Californians are f***ing it up. I'd bet money this winner of an idea didn't come from a Montana native.
No, this came from the invasion of West Coast morons. The folks that stop fire departments from being built because they aren't "green" enough. The folks that try to pass subdivision-style regulations on sheds and lawns... in areas that are ranches, and have been for over 100 years!
So all you Left Coast people take note: don't bring California with you when you move to Montana.
If it deters people from applying for city jobs, it could prove to be a good thing.
-jcr
Yes, because cities work best when no one runs them. Roads, schools, parks, fire departments... no good can come of them! /sarcasm
Priceless typo on their page "Employment Process Policy" http://www.bozeman.net/bozeman/humanResource/processPolicy.aspx, "Alien Registration Receipt Card (Greed Card)"
I've just contacted the Montana ACLU Here
The article links to a video interview with Greg Sullivan Bozeman City Attorney here (right side of page), who defends the policy.
His Contact info:
City Attorney Greg Sullivan gsullivan@bozeman.net 406-582-2309
What I just emailed off to Mr. Sullivan
Greg Sullivan
Your city's requirement for job applicants to provide a list of all personal internet memberships, logins, and passwords has recently come to my attention. I have just requested that the Montana ACLU investigate this policy as it seems a severe invasion of privacy. I have always appreciated the state of Montana's noble defense of the Constitution, exemplified with recent decisions by the state to support 2nd amendment rights. Your city's applicant policy is the exact opposite of what I'd expect from the state of Montana, and I would urge you to seriously reconsider this requirement.
Actually, it gets worse. The application has a "survey" portion at the end which requests things that are technically forbidden: age, race/ethnicity, disability. Everyone should read it, it's kinda comical...under "race/ethnicity" it says "check the one category which best describes your recognition in your community"...White (not Hispanic or Latino), Black or African American (Not Hispanic or Latino), Hispanic or Latino...a couple more, then this gem: Two or More Races (Not Hispanic or Latino)....w...t...f...who the hell came up with this? Oh, and if you do look at it...try to figure out what I'd pick if I came from the middle east...no option for Iranians and Syrians...Or, how about somewhere in, say, Kazakhstan? They don't really exist, do they?
They even ask if the applicant has violated any criminal law or -traffic- regulations within the last five years! Here's a flashlight, want me to drop my pants, too?
Pure offense...that's all I can say.
Just tell them about your account on goatse.cx and other similar sites. Oh, and you MUST include a RickRoll in your site list.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
Not only would the applicants be breaking the terms of service but the City of Bozeman would be guilty of all the "Unlawful Access of a Computer" laws we have all over the place. Since most of these online sites are hosted somewhere outside of Montana they would be guilty on a Federal level. The City of Bozeman should be prepared for all the lawsuits they're about to receive.
WOW that's a troll? Most of the stuff on bash.org is insanely contrived. Is the hunter2 conversation contrived? Yeah I'd say so... I think it's funny, but yeah it's pretty contrived. Not nearly half as contrived as most of the stuff on bash.org.
Considering that Montana is ground zero for right wing militia types (as well as pygmy pony & dental floss farmers). I think a lot of folks need to screw their heads back on, wake up & realize that it's the right-wing & not the left that poses the greatest threat to their privacy. Somebody up-thread asked if this was China. Nope, but it sure looks like Munich circa 1931. I'll betcha a dime to a doughnut that's a Republican city administration.
"Obviously, I'm not an IBM computer any more than I'm an ashtray" (Bob Dylan)
It's different.
This is quite different than being mugged and getting nothing in return. If you don't like the bargian, you have options.
Montana in general and Bozeman in specific has a lot more depth than you imagine (fifth largest, not largest - that'd be Billings). Gibson manufactures acoustic guitars here. Numerous laser and optics businesses have headquarters here. High tech software/service companies have headquarters here. And yes, we're well-served by tourist, agricultural, and ranching interests as well. It's not a job potpourri (few places are in this economy), but it's reasonably prosperous, educated, and varied in terms of both employment and culture. (it's still no defense for the hiring background check policy - working to get that changed now)
Its best not to try to engage the lunatic fringe here, you are never going to change their minds.
Looking at your UID, you probably already know this.
Slashdot, for some stupid reason, has become the home of entrenched libertarian idealists, who think that their ideology is self-evident, and beyond dispute. They, in other words, have perfect faith in it. They also are somewhat blind to history (how well did that Industrial Revolution work for you?), because their ideology trumps reality. I personally think pure, near sociopathic, greed is what drives them, and the whole "freemarket cures all ills, always" crap, and their social Darwinism mumbojumbo is nothing but an ad-hoc rationalization for their own short comings.
Add to this the internal attribution error situation where all poor people are lazy, and all could be filthy rich if "they put their minds to it", whereas if they ever went poor, you know they'd blame socialists, all those ghetto welfare mothers, and big government. But their faith in their shallow, disconnected, ideology blinds them to this.
They really are like your typical middle class America, they all think their rich because they can have a 52" TV, oblivious to the fact that their in the bottom 50% of wealth still, and are still one one or two paychecks from the street.
Sorry for the comment, I really respect your posts, and if /. was feeling like ever giving me mod points again, I would have modded them up.
A patriot must always be ready to defend his country against his government. -edward abbey
I made a contact in Bozeman, and she's forwarding my insights directly to the city attorney's office. My thoughts?
1) Requesting the logon IDs and passwords is likely asking them to violate the ToS or EULA of the site or service. Most sites have restrictions against sharing logon information. Therefore, they're basically asking potential employees to breach a contract.
2) You would never want to hire someone who would hand over user IDs and passwords to a third party, otherwise you'll have employees who will gladly turn over city/employee logon information to every social engineer out there.
Honestly, I was surprised when I got a reply back indicating she would forward the information on. She was unaware of the new policy, and was thankful that I brought it to her attention.
I use irony whenever I can, but my shirts are still wrinkled...
They have an equally idiotic internet usage policy... http://www.bozeman.net/bozeman/humanResource/employment policy/Admin__Order_IT_Use_Policy_6_2007.pdf
There's a follow-up story here which mentions, among other things, that this practice is a TOS violation for many web sites. However, nobody seems clued in yet that there may be other legal issues, like violation of the Computer Fraud and Abuse Act.